Re: [gopher] Capability files are dangerous
On May 14, 2012, at 19:24 , Kim Holviala wrote:
> On May 14, 2012, at 19:14 , Cameron Kaiser wrote:
>
>>> Actually.... The original poster was somewhat correct with that assumption.
>>> I can now fairly reliably determine between UMN gopher client, Overbite
>>> (the latest betas) and other gopher clients.
>>
>> How so? UMN has its idiosyncrasy about G+, but OverbiteFF and the Floodgap
>> proxy should be nearly indistinguishable (and when I add caps to Overbite
>> Android, it will be implemented in nearly the same way as OverbiteFF).
>
> The only client *ever* to request "<TAB>$" is UMN gopher. By using the "users are stupid" logic it's fairly easy to determine that the user just wants to type "gopher foo.bar". And since Gophernicus already tracks users it's fairly easy to know that they're using UMN during the whole browsing session. Not foolproof, but fairly reliable.
>
> As for caps.txt, apart from me and you the only thing to *ever* request caps.txt is Overbite. And I can easily differentiate between you/me & Overbite using simple timing measurements (hint: Overbites request timings are constant, ours aren't).
For anyone who's just as paranoid as I am....
No, Gophernicus doesn't do that. Yet. I'm still thinking about it, just because it would be neat to have more correct logging. Also, I could automatically serve UTF-8 to Overbite since it's one of the few clients which handle it just fine.
And related to the above; I can determine with 100% reliability all of the existing gopher servers. Got code too to prove it.
- Kim
_______________________________________________
Gopher-Project mailing list
Gopher-Project@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/gopher-project
Reply to: